ANDROID fans are being warned after malware was found pre-loaded on HUNDREDS of smartphones.

Android users have been put on alert after malware was found pre-installed on hundreds of phones straight out of the box.

The adware, dubbed Cosiloon, was discovered by researchers from cybersecurity firm Avast.

Security experts said the malware was found on hundreds of Android phones with owners in the UK, US, Germany, Italy and Russia among those affected.

The adware creates an overlay to display an annoying advert over a webpage within the users’ browser.

Thousands of smartphone owners are affected - in the past month alone Avast discovered the Cosiloon adware on around 18,000 devices.

Avast reported the findings of their research to Google who have ”taken steps to mitigate the malicious capabilities of many app variants on several device models, using internally developed techniques.”

Avast said the malware was discovered on budget smartphones with the majority of them not certified by Google.

Researchers said the adware was discovered on phones made by manufacturers such as Archos, ZTE and Pretigio.

In a blog post outlining the threat, Avast said: “Several hundred different devices are affected.

GOOGLE has released its latest spring wallpapers and rumours are rife that they feature a hidden Android P feature.

They added: “The list [of affected devices] is likely so extensive because the malware was part of a chipset platform package which is reused for many similar devices with different brand names.

“We cross-checked many, but not all of the devices, and noticed that the chipset on the devices we inspected was from MediaTek. The devices run different Android versions ranging from 4.2 to 6.0.”

The small number of affected devices which are certified will have Google Play Protect malware scanning.

This is capable of finding and removing the offending malware in question.

Alternatively, antivirus software should also be able to detect the Cosiloon adware.

Concluding their findings, Avast said: “Some antivirus apps report the payloads, sure, but the dropper will install them right back again and the dropper itself can’t be removed, so the device will forever have a method allowing an unknown party to install any application they want on it.

“We have seen the dropper install adware on the devices, however, it could easily also download spyware, ransomware or any other type of threat.”

They added: “Avast Mobile Security can detect and uninstall the payload, but it cannot acquire the permissions required to disable the dropper, so Google Play Protect has to do the heavy lifting.“

In other Android news, Express.co.uk earlier this month reported on a terrifying strain of malware which lets cybercriminals spy on almost everything they’re doing.